• Document: IP Tunnels In This Section This section provides an overview of IP Security (IPSec) software features for the IPSec ISA. Topics in this section include: IP Tunnels Overview on page 416 Tun...
  • Size: 447.25 KB
  • Uploaded: 2019-05-17 14:16:44
  • Status: Successfully converted



IP Tunnels

In This Section

This section provides an overview of IP Security (IPSec) software features for the IPSec ISA.

Topics in this section include:

• IP Tunnels Overview
  → Tunnel ISAs
  → Operational Conditions
  → QoS Interactions
  → OAM Interactions
  → Redundancy
  → Statistics Collection
  → Security
  → IKEv2
  → SHA2 Support
  → Using Certificates For IPSec Tunnel Authentication
  → Trust-Anchor-Profile
  → Certificate Management Protocol Version 2 (CMPv2)
  → OCSP
  → Video Wholesale Example
  → Multi-Chassis IPSec Redundancy Overview
  → IPSec Deployment Requirements
  → IKEv2 Remote-Access Tunnel

7450 ESS and 7750 SR Multiservice Integrated Service Adapter Guide Page 415

IP Tunnels Overview

This section discusses the IP Security (IPSec), GRE tunneling, and IP-IP tunneling features supported by the MS-ISA. In these applications, the MS-ISA functions as a resource module for the system, providing encapsulation and (for IPSec) encryption functions.

The IPSec encryption functions provided by the MS-ISA apply to many applications, including encrypted SDPs, video wholesale, site-to-site encrypted tunnels, and remote access VPN concentration.

Figure 33 shows an example of an IPSec deployment and the way it would be supported inside a 7750. GRE and IP-IP tunnel deployments are very similar. IP tunnels come in two flavors, GRE and IP-IP; in all but a few areas, the information for IP tunnels applies to both types.

Figure 33: 7750 IPSec Implementation Architecture

In Figure 33, the public network is typically an “insecure network” (for example, the public Internet) over which packets belonging to the private network in the diagram cannot be transmitted natively. Inside the 7750, a public service instance (IES or VPRN) connects to the public network and a private service instance (typically a VPRN) connects to the private network. The public and private services are typically two different services, and the MS-ISA is the only “bridge” between the two. Traffic from the public network may need to be authenticated and encrypted inside an IPSec tunnel to reach the private network. In this way, the authenticity, confidentiality, and integrity of access to the private network can be enforced. If authentication and confidentiality are not important, access to the private network may alternatively be provided through GRE or IP-IP tunnels.

The MS-ISA provides a variety of encryption features required to establish bi-directional IPSec tunnels, including:

IPSec Control Plane:
• Manual Keying
• Dynamic Keying: IKEv1/v2
• IKEv1 Mode: Main and Aggressive
• Authentication: Pre-Shared-Key /xauth with RADIUS support/X.509v3 Certificate/EA
